AMENDMENTS TO THE CLAIMS:

This listing of the claims will replace all prior versions, and listings, of 
claims in the application: 

Listing of Claims:

1. (Currently amended) A method for securing by software
confinement, a computer system which executes codes which manipulate data,
involving:

at least one memory manager managing memory allocation units,

at least one possessor of memory allocation units,

at least one requester of memory allocation units,
said method comprising the following steps:

performing an allocation of memory by the memory manager upon request 
from another component of the operating system which transmits to said memory 
manager, the identity of the requester; 

performing a check by the aforesaid memory manager of the whole of the
memory allocation units, each memory allocation unit being associated with a
possessor of said memory allocation unit;

performing an encryption of the data of each possessor by means of a key 
associated with this possessor; 

performing a check by the memory manager, for each request to access a
memory allocation unit, of the identity of the requester; if this identity is not identical to 
that of the possessor of said memory allocation unit, then access to the memory 
allocation unit is refused by the memory manager; 

performing, by means of the memory manager, encryption (in the case of
a write request) or decryption (in the case of a read request) of the
data contained in (in the case of a write request) or requested by
(in the case of a read request) the request with the key associated with the
possessor, this key being at least recalculated by the memory manager;
wherein the memory manager dynamically calculates the key associated with a
possessor from a secret associated with said possessor and a master key to which only
the memory manager has access.

2.-9. (Canceled) 

10. (Previously presented) The method according to claim 1, wherein
one of said memory allocation units is a page with a fixed size or a block with a variable
size.

11. (Currently amended) The method according to claim 1, wherein
one of said possessors or requesters is a user application of the operating
system of the computer system or said operating system itself.

12. (Currently amended) The method according to claim 1, wherein
at least one of said memory allocation units is a page, and the memory manager, when
it receives a request for allocating a block on behalf of a possessor of a memory
allocation unit, first searches for a page with the same possessor so that all the blocks
allocated by said possessor are found grouped in one or several dedicated pages.

13. (Currently amended) The method according to claim 1, wherein
transmission of the identity of the requester is accomplished either by managing a
current context, or by passing parameters with the requests to
the memory manager.

14. (Cancelled) 

15. (Previously presented) The method according to claim 1 wherein 
the memory manager associates the key with each set of possessor and memory 
allocation unit instead of associating a unique key with each possessor. 

16. (Currently amended) The method according to claim 1 wherein
the memory manager integrates into each memory allocation unit, an area
allowing the integrity of said memory allocation unit to be checked.

17. (Currently amended) The method according to claim 1 wherein
different security levels are associated with the possessors and
different encryption means are used according to the associated security level.

18. (Currently amended) The method according to claim 1
wherein the computer system includes
a physical memory protection mechanism that prevents at least one requester from
accessing at least one memory allocation unit.

19. (Currently amended) The method according to claim 1 being
implemented on an embedded system such as a terminal of the portable telephone
type, a bank payment terminal, a portable payment terminal, a digital assistant or PDA,
or a chip card.
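
The steps of claim 1, shown as an added Python illustration that is not part of the application or of the applicant's implementation: the manager refuses any request whose requester is not the possessor of the unit, and recalculates the possessor's key from the master key and the possessor's secret on every read or write. The class and method names, the HMAC-SHA256 key derivation and the XOR keystream cipher are assumptions; the claims name no derivation function or cipher.

```python
import hashlib
import hmac


class AccessRefused(Exception):
    """Requester is not the possessor of the memory allocation unit."""


class MemoryManager:
    def __init__(self, master_key: bytes):
        self._master = master_key   # known only to the manager
        self._secrets = {}          # possessor identity -> per-possessor secret
        self._units = {}            # unit id -> [possessor identity, ciphertext]

    def register(self, identity: str, secret: bytes) -> None:
        self._secrets[identity] = secret

    def _key(self, possessor: str) -> bytes:
        # Recalculated on each request from (master key, possessor secret); never stored.
        return hmac.new(self._master, self._secrets[possessor], hashlib.sha256).digest()

    def _crypt(self, possessor: str, unit: int, data: bytes) -> bytes:
        # Stand-in cipher (assumption): XOR with an HMAC-SHA256 counter keystream bound
        # to the unit id. It repeats across writes to one unit; use a vetted AEAD instead.
        key, stream, block = self._key(possessor), b"", 0
        while len(stream) < len(data):
            stream += hmac.new(key, b"%d:%d" % (unit, block), hashlib.sha256).digest()
            block += 1
        return bytes(a ^ b for a, b in zip(data, stream))

    def allocate(self, requester: str, size: int) -> int:
        unit = len(self._units)
        self._units[unit] = [requester, self._crypt(requester, unit, bytes(size))]
        return unit

    def _check(self, requester: str, unit: int) -> str:
        possessor = self._units[unit][0]
        if requester != possessor:
            raise AccessRefused(f"{requester!r} does not possess unit {unit}")
        return possessor

    def write(self, requester: str, unit: int, data: bytes) -> None:
        self._units[unit][1] = self._crypt(self._check(requester, unit), unit, data)

    def read(self, requester: str, unit: int) -> bytes:
        return self._crypt(self._check(requester, unit), unit, self._units[unit][1])

    def raw(self, unit: int) -> bytes:
        """Stored bytes as seen by a reader that bypasses the manager."""
        return self._units[unit][1]
```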